27-Sep-2005

Some never learn....
Again, someone thinks I wouldn't see break-in attempts.

Extract from operator.log:


%%%%%%%%%%% OPCOM 25-SEP-2005 08:15:20.81 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: klik18.klik.bydgoszcz.pl
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.050925095019p]

I've seen this kid before....
Log of anonymous FTP shows this attempt:

25-SEP-2005 08:15:19.46 User:anonymous logged in ident:Fgpuser@home.com from Host:klik18.klik.bydgoszcz.pl
25-SEP-2005 08:15:20.54 User:anonymous ident:Fgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
25-SEP-2005 08:15:27.07 User:anonymous ident:Fgpuser@home.com logged out


FTP log shows the details:
he logs in:


%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from
klik18.klik.bydgoszcz.pl at 25-SEP-2005 08:15:18.79
%TCPIP-I-FTP_NODE, client host name: klik18.klik.bydgoszcz.pl
%TCPIP-I-FTP_USER, user name: anonymous

and tries to create a directory - which doesn't succeed of course: the directory is read-only and the user has just the normal privileges:


%TCPIP-I-FTP_OBJ, object:
WEB_DISK:[public.anonymous.050925095019p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection
violation


Next he tries to access non-existing directories. Any fails with:
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00001: Failed to set default directory
%SYSTEM-W-BADIRECTORY, bad directory file format

It looks like Windows (IIS) directories:
%TCPIP-I-FTP_OBJ, object: /pub/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /_vti_txt/
%TCPIP-I-FTP_OBJ, object: /_vti_cfg/
%TCPIP-I-FTP_OBJ, object: /_vti_log/
%TCPIP-I-FTP_OBJ, object: /_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /public_html/
TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /web/
%TCPIP-I-FTP_OBJ, object: /www/
%TCPIP-I-FTP_OBJ, object: /html/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /~temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /~tmp/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /anonymous/
%TCPIP-I-FTP_OBJ, object: /anonymous/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /anonymous/_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /anonymous/incoming/
%TCPIP-I-FTP_OBJ, object: /anonymous/pub/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/

and finally, logs out:

%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from klik18.klik.bydgoszcz.pl at 25-SEP-2005 08:15:27.22

9 seconds running the whole exercise Must be a script. Ok, this might mean that person obviously doesn't know what it's all about or is too dumb to understand anything on computing.
The ISP site ( http://www.bydgoszcz.pl ) is all in Polish and I doubt they would understand English - I have contacted them before and if they use fixed addressing, they should be able to keep this script-kiddy off the internet....
Or are they too ignorant?

25-Sep-2005

Updated the Web
Have updated the public web, and the HOW-TO pages have been added: http://www.grootersnet.nl/openVMS/HOW_TO/index.htm
It's not 100%, just found a wrong link but that will be handled next week.

All is working. though lost some time in updating Hera.

24-Sep-2005

No problems - of course
Started Monitor /record on Diana. then did the AXIS test again. and of course, there wasn't a problem today...And that where some processes that are normally stopped, were still running.
During the test, a lot of processes were swapped out - obviously - but the tests ran to their end....

Seems some-one tyried again to break in on the FTP site:

%%%%%%%%%%% OPCOM 24-SEP-2005 08:16:12.84 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 80.174.62.37
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.050924095014p]

%%%%%%%%%%% OPCOM 24-SEP-2005 08:16:28.49 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 80.174.62.37
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.050924095030p]

and in FTP log shows attempts to get into a WINNT domain.
I've seen this address before, this is a person the seems quite stubborn - and appearently, he (or she, but most hackers seem to be male, so "he" is probably right) just a script kiddy.
The address cannot be traced by DIG but since it seems a calss-A address, 82.0.0.0 has been checked and found to be named at:

;; AUTHORITY SECTION:
0.0.80.in-addr.arpa. 9029 IN SOA dns1.ntli.net. hostmaster.ntli.net. 2005091900 10800 3600 604800 86400:

Had contacted them before, will do again.
System disk backup
Took the opportunity to make a backup of the system disk - on the new 9Gb disk, same size (and type) as current in Diana (first full and complete one in a year), watching television in parallel. Rebooted afterwards - and Io to reagin the cluster IP address on Diana.

23-Sep-2005

Plans

• Start monitor in a session. Found that as long as a program doesn't need to page, it will run. Perhaps $ monitor/record will be possible as well.
• Retry AXIS validation (requires a process for the server and one for the client)
• If possible, and needed, stop these processes
• Stop monitor and examine outcome ($ monitor /playback)

Perhaps that will give a clue what goes on. It's Java, for sure.
Also wants to know what happend with used pagefilequota. A second run last time hung the system, where the first could be kille and left the system usable - in some extent, - but the second hung the system. Completely.

Actions

• Double pagefile in size, to 1.500.000 blocks (750 Mb - 3 times the memoy size...)
• Redo the test - and hope for the best.

The results will be posted tomorrow...

New hardware arrived.
The nw hardware has arrived - that is, almost all:

• HSZ50 storage controller
• 3 x KZPSB (Differential SCSi cards to connect HSZ50)
• 3 x KZPSA (same but older. Just in case KZPSB doesn't work)
• 2 x KFPSA (to create DSSI cluster)
• 2 x BA356 diskshelves + power + controllers
• 8 x 36Gb disks
• 1 x 9Gb disk
• All required cables

Still to come are 6 x 36 Gb disk
So what can now be done:

1. Backup Diana's sytemdisk (AT LAST)
2. Convert the one NT Alphastation to VMS - DANA? DULCINEA? DEIRDRE? DOLLY? DOROTHY? To start with D. Why? Well, just for fun:
3. Build the 3D-Gr cluster (Diana, Daphne and Dxxxxx) as DSSI cluster
4. Configure HSZ-50, connect 2 shelves first
5. Connect all nodes to the HSZ50
6. Build a common system disk on this configuration, for the whole (new?) cluster
7. Get all common files OFF the system disk
8. Boot each node from the HSZ50
9. Configure each node
10. By and by the curent data can be moved to anywhere on this confuguration.
11. Add other cabinets to HSZ50

On the clustername:
3D = Third, Three-dimensional, Three D's (Diana, Daphne and D(whatever))
Gr = Graces (again these three), Group, Grootersnet...
It will (in future) hold a VAMP (Vms, Apache, MySql, PHP) server.

What about IO?
Perhaps that will be kept as mail server (stand alone) if more affordable: CommunigatePro, otherwize just VMS mail as Diana is holding now. It won't be possible to place het in the DSSI clsuter - theer is no such thing as a DSSI-connector for TURBOChannel...

Do you want to become famous and highly respected within the VMScommunity?
This is a way to go:
Create a program to convert JAVA bytecode intoVMS object format so a VMS-native IMAGE can be created.....
(Preferrably freeware. Small cost is no objection. Greed is)
You may become famous on other platforms as well, except perhaps at SUN and the JAVAcommunity, but who cares ?

21-Sep-2005 (continued)

SOAP installed.
Installed AXIS 1.1 as downloaded from the HP site, because some investigation and hands-on excercise s needed. Did the same at the cusomer's development machine but they run 7.3-1, and thererore the WesServicesIntegrationToolkit cannot be used (it requires 7.3-2 or higher.
One issue found here:

$ dir axis$root:[axis-1_1.webapps.axis]/sec
Directory AXIS$ROOT:[AXIS-1_1.webapps.axis]
EchoHeaders.jws;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
fingerprint.jsp;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
happyaxis.jsp;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
index.html;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
SOAPMonitorApplet.java;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
StockQuoteService.jws;1 [AP_HTTPD,APACHE$WWW] (RWED,RWED,RE,)
web-inf.DIR;1 [AP_HTTPD,APACHE$WWW] (RWE,RWE,,)
(IDENTIFIER=[AP_HTTPD,APACHE$WWW],ACCESS=READ)
Total of 7 files.
The fun is the last directory: it's name is in lowercase, but since AXIS is a Java application, it is suspected this will cause problems, while it will be expected to be in uppercase.

Since this directory is owned by APACHE$WWW, the file ownership is correct. It has been seen otherwise....

Next followed the manual to install axis, and test it. Again: Diana hangs - due to JAVA running. This time, ^C of the axis server freed enough resources to prevent a reboot. So extend the pagefile by about 50%:

$ dir DISK$ALPHASYS:[SYS0.SYSEXE]PAGEFILE.SYS/siz

Directory DISK$ALPHASYS:[SYS0.SYSEXE]

PAGEFILE.SYS;4 532500

Total of 1 file, 532500 blocks.
$ mc sysgen
SYSGEN> CREATE DISK$ALPHASYS:[SYS0.SYSEXE]PAGEFILE.SYS/SIZE=750000
%SYSGEN-I-EXTENDED, DISK$ALPHASYS:[SYS0.SYSEXE]PAGEFILE.SYS;4 extended
SYSGEN> Exit
$ dir DISK$ALPHASYS:[SYS0.SYSEXE]PAGEFILE.SYS/siz

Directory DISK$ALPHASYS:[SYS0.SYSEXE]

PAGEFILE.SYS;4 750000

Total of 1 file, 750000 blocks.

That should be enough.

Retry, keeping an eye on performance! But it's worse, nothing works. Can start a new telnet session after the two others have been stopped, and with some time, it succeds. yet another try, with MONITOR up, it shows the system IS busy and not just with AXIS validation. 2 processes are in MWAIT state. Modified page list seems very full, and pagefile is - again - fully taken! Trying to extend it even more (double in size), though the system is VERY slow. By no means. The system won't free enough resources, not even after all windows are closed. Alas, when logged in, need to reboot (both machines due to the cluster address).

More on CommunigatePro
Created screenshots for CommunigatePro confururation. Well - very, very basic configuration. Have to do the pages and add them to the site.
Thinking of a way to move the files from the too small disk to a bigger one: matter of chnaging a logical and move the files. But that has be be checked when possible - not now

21-Sep-2005

Access succeded

Yesterday, made the change and checked it outthis morning from another network: The mailbox can be accessed, so to show it next message was sent to the blog (after which the entry was edited...)

IT WORKS FROM ELSEWHERE

Now if you read this: the issue with no access from
another network is now solved.
This messages was sent from quite another, non-related
network and another provider.

No digging to get things nicer.
The how-and-why will be published on www.grootersnet.nl/openvms - some time in the future.

That's a next thing to do.

20-Sep-2005

Found the reason
Checked the on-line documentation of Communigate and found this:

When I try to log in, I get the "access from your network is denied" error.
You have selected the Reject all Logins from Non-Client Addresses option on the Protection page. Now you can connect to the Server only from the addresses listed in the Client IP Addresses field (on the same page).
If the Client IP Addresses field was left empty, you still can connect to the Server if you launch your browser on the Server computer itself, and connect locally, using the http://127.0.0.1:8010 URL.
If you have not entered anything into the Client IP Addresses field, or if you cannot connect from the IP Addresses listed in that field, and you cannot connect to the server locally, using the http://127.0.0.1:8010 URL, then:
stop the CommuniGate Pro Server;
open the {base}/Settings/IPAddresses.settings file and change the ClientOnly option from YES to NO, and save the updated file.
start the CommuniGate Pro Server again.
Will change this tonight and check tomorrow.

19-sep-2005

Ok, but not from outside
It all works but there is still a problem accessing Io's mail configuration from the internet. That is: Cimmunigate is accessable but signals it cannot handle the request. Changed settings fro the web clients, not to require a fixed address but it might not be the issue: clients can live anywhere....Tried to check using the login at ISP but that character-cell based browser cannot handle secure sockets (https) and that's the route to Io....
And, of course, break-in attemps
No trouble but (again) attempts to break FTP. Digged down the originating address: some ISP; mailed this organisation to log and a request to take appropiate action. It would be an idea to automate that - if it were possible, but it's quite likely it will require interactive action, just to see if it's an ISP, Broadband supplier (which doens't need to be ISP...), or an educational institute.
Good it's a VMS box!

18-Sep-2005

Sending works!

Sent a message yesterday to the blog to see if it arrived:

Just to show it works

Well, just a proof it works: This message has been sent
from Io - using Communigate Pro.
The previous wasn't addresses properly - so no wonder it
didn't work.

It did - as can be seen

But external acces doesn't work....
The mailbox is not accessable from another network, yet. Some digging to do.

17-Sep-2005

CommunigatePro works!
Minor change in general settings: use Diana and Charon as DNS servers and mail gets out properly! Reading from Diana - as primary server - works fine as well, there is a lot of settings that can be added and changed but so far, the product is fine. Only the cost to become a licenced user....

Checked logs - another break-in attempt on the FTP site - someone thinking Diana is a Windows machine, given it looks to IIS and Personal WebServer pages. No way. Given the times, there is no manual input involved - too fast after eachother. No human is able to type taht fast without any error - I guess.
Warned ISP and hope they take measurements to this script-kiddy.

16-Sep-2005

Alas....
No mail sent: SMTP and BIND ports are defined to be used by VMS's TCPIP stack and there should be not any service defined on these. Communigate seems to require these ports to be absolutely free - otherwise domain lookup and sending mail will fail.
Another configuration issue: the configured domain can not be used from outside, using the webmail site for the domain:



Well, it's obvious what to change here. Some time today, or this weekend.

Update

For some reason, one of the first messages sent made it....
But it has been acknowledged that the services need to be deleted. Disable and stop services alone isn't enough, it will still block the port from being used by CommunigatePro - but that is a known issue.

15-Sep-2005

Get all patches....
Retrieved all current patches for VMS 7.3-2 and 8.2 - the first required to update a machine at customer's permises, in order to match requirements for Tomcat, Axis and Java 1.4-2, and 8.2 to be installed on both Io and Daphne - some time. Placed it all on Athena, so Aphrodite could be used to
...configure CommunigatePro...
While Athena was downloading, Io was prepared to host CommunigatePro: SMTP client disabled so port 25 can be used by the package. Started it, logged in as postmaster and did a very, very basic configuration: define the right domain, add a user and configured the environment for that user - retrieve messages from Diana but keep then there.
Logged in as that user and behold:

"You've got mail"

AND, mail could be sent! It remains to be seen wehther that arrives, but time will tell.
...Charon adjusted...
So Charon's forwarding settings have been adjusted to move (secured) traffic to IO - again: see if that works. These ports are ususally blocked on firewalls by company rule, but so what. On public lines, it would be able to access webmail on Io!
... now test it!

14-Sep-2005

Patches and software...
Applied the downloaded VMS 8.2 patches on IO - not the latest - and rebooted. DTSS keeps off: good.
Installed CommunigatePro /DEST=IO_DATA:CGPRO] which didn't start to begin with since it seems that this disk wasn't mounted (DKA100 is!) of has no associated logical (SHO LOG IO_DATA is correctly mentioned as "DKA100:"). Dismounting the disk, and remount ($ MOUNT/CLUSTER $2$DKA100 IO_DATA IO_DATA) solved that problem. But still wondering what causes the issue.
Next, the first run something went wrong, but without warning. At least, the expected directory didn't show up and the product has been removed, the destination directory created and install repeated; Started the product: HURRAY! Now it can be configured - but that has to wiat a while...Stopped the product for now. Have to setup Charon to allow access to the ports, so it can be accessed from outside - when ports are enabled....
...preparing for webservices....
Got all software to test webservices - on Daphne but first some things have to be done (patches, for one, and installation of the requried software). And, of course, connecting it to the power lines and cluster....
...and new hardware????
Requested new hardware: DECHub90 and DECServer90, disks, cabinets and controllers, and some network cards. To be determined what will be added.

13-Sep-2005

Even more useful stuff!
Tonight, on the VMS SIG, learned about Communigate Pro - an Exchange-server replacement that is very, very efficient and easy to manage. Got the software, to be installed on Io to test it. Only problem for full-time depoyment (besides time...) is cost: it's a commercial product so a license requires funds not available - yet.
Find out where to get 'new' disks, so the problem of diskspace on Io, Daphne and NN (the one still to be done) seems solved when these are rolled in.
Perhaps, Daphne is to be used to find out about webservices, without disrupting production running on Diana.

11-Sep-2005

Nothing particular, just the usual....
As to be expected, the both running VMS boxes keep on running without any trouble.
Have tried to deinstall the second pagefile but it's just in "Marked for deletion" state since some process is using it, so it cannot be deleted. Who's keeping it!!! But actually, it's not a problem.
Downloaded several packages - SOAP, WSDL, WSIT - to be used in development of webservices. See how these can be used without extranous IDE packages (that hide a lot and are required to troubleshoot, quite likely). Will get MySQL again, and new RdB software, and latest patches for 7.3-2 and 8.2. Then: time to install and configure - and develop the applications...
Less restrictive mail settings
Without the filtering on UNBKTRNSIP (IP address cannot be back-translated to domain) and UNRSLVMF (Demain name cannot be translated to IP address) - switched off to faciliate acceptance of the messages optherwize blocked, there are more NOSPAMRLY (no relay outside the accepted domain) messages - to be expected, but very acceptable. Thinking of creating a program storing this data into a database and a webservice to retrieve data from it.
Why was this? Well, some valid senders were otherwise blocked, and to add a domain in the blacklist is easy enough.
Tropical?
Temps in the computer room (what's in a name) continues to be high - over 30-35 C - but both Diana and Io don't seem to care.

07-Sep-2005

DTSS Off
13:30: Switched DTSS off on IO, it clutters operator.log so much that really usefull messages get lost in the mess

04-Sep-2005

A retry with Java
Possible reason for hang has been mentioned: because Java requires rediculous amounts of memory (and CPU), pagefile may have been exhausted. And an exhausted pagefile causes the system to hang.
Created a second (VERY BIG) pagefile, and now building the examples finished smoothly, without a problem. Pushed the whole lot under worker2.properties as "HelloWorld" application and it works. (These are different from what was expected, but that one will be changed as well). Enabled status - works fine. Pagefile to be deleted...(can be done without a reboot - of course)
Laptop for Niece
Installed XPHome on Nieces laptop. All ok but the expectation was that the build-in wireless could connect to the Belkin 125k Wireless router - but it didn't. Nor with the accompanying card. Is that router broke again? To test with Athene later on.
Enabled the 11Mb Wireless router, that works.
Niece happy!

02-Sep-2005

Hung - by Java.
Today the Tomcat examples wewre built following the manual. It started fine but all of a sudden it stopped and nothing worked, except CTRL-T - showing JAVA$JAVA.EXE took no CPU at all, minimized pagefaults unless even that didn't change anymore, and increment of IO by one on each hit. Could be that subthreads were very busy (seen before), but due to the fact that nothing did work, this could not be examined. Next telnet sessions timed out, no way to log in (telnet nor console) so the only solution was to hit the reset button, boot and forget about it, for the moment. Forgot, however, to create a crashdump...
Posted the problem on ITRC, to find out what what was the problem.
DECNet config
Rebooted after Diana was up again, to give cluster IP address to Diana.
Configured DECNet on IO, for the ability to do SET HOST and use CTERM and FAL, being more convenient than telnet or FTP (well, don't need FAL since IO and Diana share disks, but just in case another the last system is to be running - being outside the cluster). The only problem: DTSS error messages ever 10 minutes...
Disables OPERATOR.LOG on IO since messages are logged on Diana's operator log - therefore, it's about 10 times the size as before.